The University Information Security Policy & InfoSec one year on…. Tom Anstey Weatherall Institute of Molecular Medicine & InfoSec firstname.lastname@example.org http://www.it.ox.ac.uk/infosec/infosecproject/. The need for a Policy!. OxCERT led a Information Security Self-Assessment in 2007-2009.
The University Information Security Policy & InfoSec one year on…
Weatherall Institute of Molecular Medicine & InfoSec
OxCERT led a Information Security Self-Assessment in 2007-2009
ICTF staff + Council Secretariat
Governance: Central -vs- Local
Identify the problems – Risk Assessments
Includes liaison with:
Not just an IT issue
Flowchart for data encryption could be used for paper waste destruction protocol.
Finding a balance between security and usability.
This is where the power really is!
They’re now on board and understand the need for improved practices, and a local policy.
Improved understanding of a unit’s responsibility and liability.
… easy to read!
On-going work in progress
Aims to meet ISO2007:2005
Centre for the Protection of National Infrastructure
Government cyber-security initiative
Fits in with other ox.ac.uk academic work
e.g. Andrew Martin, Sadie Creese et al.
EPIC on-line training
Post mortem discussions